package org.elasticsearch.xpack.core.security.support;

import java.util.Collections;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.xpack.core.security.authc.esnative.ClientReservedRealm;
import org.elasticsearch.xpack.core.security.authz.store.ReservedRolesStore;

/* loaded from: input_file:org/elasticsearch/xpack/core/security/support/Validation.class */
public final class Validation {
    static final int MIN_NAME_LENGTH = 1;
    static final int MAX_NAME_LENGTH = 1024;
    private static final String INVALID_NAME_MESSAGE = "%1s names must be at least 1 and no more than 1024 characters. They can contain alphanumeric characters (a-z, A-Z, 0-9), spaces, punctuation, and printable symbols in the Basic Latin (ASCII) block. Leading or trailing whitespace is not allowed.";
    public static final String INVALID_SERVICE_ACCOUNT_TOKEN_NAME_MESSAGE = "service account token name must have at least 1 character and at most 256 characters that are alphanumeric (A-Z, a-z, 0-9) or hyphen (-) or underscore (_). It must not begin with an underscore (_).";
    static final Set<Character> VALID_NAME_CHARS = Collections.unmodifiableSet(Sets.newHashSet(new Character[]{' ', '!', '\"', '#', '$', '%', '&', '\'', '(', ')', '*', '+', ',', '-', '.', '/', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', ':', ';', '<', '=', '>', '?', '@', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '[', '\\', ']', '^', '_', '`', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '{', '|', '}', '~'}));
    private static final Pattern VALID_SERVICE_ACCOUNT_TOKEN_NAME = Pattern.compile("^[a-zA-Z0-9-][a-zA-Z0-9_-]{0,255}$");

    /* loaded from: input_file:org/elasticsearch/xpack/core/security/support/Validation$Error.class */
    public static class Error {
        private final String message;

        private Error(String str) {
            this.message = str;
        }

        public String toString() {
            return this.message;
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/core/security/support/Validation$Roles.class */
    public static final class Roles {
        public static Error validateRoleName(String str) {
            return validateRoleName(str, false);
        }

        public static Error validateRoleName(String str, boolean z) {
            if (!Validation.isValidUserOrRoleName(str)) {
                return new Error(String.format(Locale.ROOT, Validation.INVALID_NAME_MESSAGE, "Role"));
            }
            if (z || !ReservedRolesStore.isReserved(str)) {
                return null;
            }
            return new Error("Role [" + str + "] is reserved and may not be used.");
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/core/security/support/Validation$Users.class */
    public static final class Users {
        private static final int MIN_PASSWD_LENGTH = 6;

        public static Error validateUsername(String str, boolean z, Settings settings) {
            if (!Validation.isValidUserOrRoleName(str)) {
                return new Error(String.format(Locale.ROOT, Validation.INVALID_NAME_MESSAGE, "User"));
            }
            if (z || !ClientReservedRealm.isReserved(str, settings)) {
                return null;
            }
            return new Error("Username [" + str + "] is reserved and may not be used.");
        }

        public static Error validatePassword(SecureString secureString) {
            if (secureString.length() >= 6) {
                return null;
            }
            return new Error("passwords must be at least [6] characters long");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isValidUserOrRoleName(String str) {
        if (str.length() < 1 || str.length() > 1024) {
            return false;
        }
        for (char c : str.toCharArray()) {
            if (!VALID_NAME_CHARS.contains(Character.valueOf(c))) {
                return false;
            }
        }
        return (str.startsWith(" ") || str.endsWith(" ")) ? false : true;
    }

    public static boolean isValidServiceAccountTokenName(String str) {
        return str != null && VALID_SERVICE_ACCOUNT_TOKEN_NAME.matcher(str).matches();
    }

    public static String formatInvalidServiceTokenNameErrorMessage(String str) {
        return "invalid service token name [" + str + "]. " + INVALID_SERVICE_ACCOUNT_TOKEN_NAME_MESSAGE;
    }
}
